Design/Logic Flaw

2022-01-1820:15:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.